Jump to content

a better anti copy/transfer script ?

Pedlar Decosta

By Pedlar Decosta,
in LSL Scripting

 Share
You are about to reply to a thread that has been inactive for 1807 days.

Please take a moment to consider if this thread is worth bumping.

Recommended Posts

Wulfie Reanimator

Wulfie Reanimator

Posted
Posted (edited)
10 minutes ago, halebore Aeon said:

I am not saying that we would be forced to use the standard viewer, I am saying have some sort of application system. Where the creators of the other viewers, would have to apply to get the ability to use the source code. Like some sort of program, where say the Firestorm creator applied, and like those developers kits, you would get approved or denied. In essence, you would still have a choice, but it would limit these illicit viewers to actually exist. Sure they could reverse engineer and create a copybot viewer, or they could do what the other person said. But it would mean that no Tom, Dick and Harry could just create a viewer with mal-intent. I also know you can't copy scripts, I am just saying have safeguards in place, before.

What does anything you're saying have to do with this topic, then?

Ending Second Life's legacy as a mostly open-source platform still wouldn't solve the problem OP is having.

Edited by Wulfie Reanimator
  • Like 3
Link to comment
Share on other sites
ItHadToComeToThis

ItHadToComeToThis

Posted
Posted (edited)
43 minutes ago, halebore Aeon said:

I am not saying that we would be forced to use the standard viewer, I am saying have some sort of application system. Where the creators of the other viewers, would have to apply to get the ability to use the source code. Like some sort of program, where say the Firestorm creator applied, and like those developers kits, you would get approved or denied. In essence, you would still have a choice, but it would limit these illicit viewers to actually exist. Sure they could reverse engineer and create a copybot viewer, or they could do what the other person said. But it would mean that no Tom, Dick and Harry could just create a viewer with mal-intent. I also know you can't copy scripts, I am just saying have safeguards in place, before.

The problem is. That it just wouldn't work. The moment you start handing out source code to even authorised developers is the moment that the risk increases dramatically. And the more developers that are authorised, the greater the risk becomes. One way maybe to approach it is to re design the SL viewer into a more...modular?...viewer where developers can create addons that other users can download or install from a preapproved viewer "marketplace". Maybe having some kind of API that developers can plug in to in order to change and modify things within the viewer without actually ever needing access to the source code itself. But the question is, would even this make it safe?.

When it comes to third party developers the fact is you never truly know who it is you are dealing with. You mention firestorm and I have no reason to think that the firestorm team would ever do anything to abuse ours or the labs trust (not stating that is what you said btw) and they have built up an amazing rep over the years and Jessica and her team work harder than any other viewer developer I have seen. Yet, if you go back before the firestorm project it has its roots in the emerald viewer project and we all know what happened there. Btw I am not blaming Jessica or her team for that so if that's how it comes across then I apologise to them. I'm making the point that even the most trusted developers, like emerald which was used by many, can turn out to be the worst and what could be viewed, initially at least, as risky..such as the initial firestorm/phoenix project coming out of the emerald project..can turn out to be the best.

But the fact is...this is all mute as the lab will probably never change how any of this is done. The viewer source will remain open, third parties will continue to develop at their leisure and bot viewers will continue to appear so why worry

Edited by ItHadToComeToThis
Link to comment
Share on other sites
Da5id Weatherwax

Da5id Weatherwax

Posted
Posted

I think folks simply have a hard time getting their heads around a fundamental fact.

If it's in your computer memory and you want to get your hands on it badly enough you can. Even for non-geeks there are howto documents and packaged tools to do it if you look around the web hard enough. If you actually know even a little about what you're doing under the hood of your operating system (and to continue the motor analogy, I'm talking "shade-tree mechanic" not "Formula 1 race engineer" levels here) it is so simple as to be trivial.

Without touching the viewer code at all.

Any mesh, any texture displayed on your screen, any sound played through your speakers? One or two hooks into the graphics and audio drivers via their public APIs and you're done. Animations are less easy, to rip those the easiest way would indeed be to hook the viewer itself but if you're a capable coder and you know the comms protocols between viewer and server you could do it by hooking the network driver instead and mounting a MITM attack on the https channels between viewer and servers. Far from trivial in that latter case but also far from impossible and since the attack was happening within the network stack on a legit client, neither the server nor viewer could detect it or prevent it. It's just data and it has to pass through a known encoding to make it to your display or your ears. When it does, that's when the nefarious coder grabs it.

And there is nothing any content creator or LL can do to change this. All they can do is to impose consequences on folks that do it and get caught thanks to re-using their stolen assets on the platform they stole it from. And this is what they do do, whenever they are made aware of it.

 

And yet, folks keep selling unsuspecting content creators the latest brand of snake oil that will keep folks from stealing their work... when, if the people peddling it were knowledgeable and honest they'd know that not only does their "bright idea" not work, it can't work.

  • Like 2
Link to comment
Share on other sites
Coffee Pancake

Coffee Pancake

Posted
Posted
On 5/5/2019 at 4:17 PM, halebore Aeon said:

Honestly instead of trying to create scripts, especially when it comes to anti-copy and trans, they need to create an official viewer program. Where third party viewer creators, such as firestorm, black dragon, etc have to sign up to get the code. We would eliminate copy botters totally. Like what I mean, is make the code closed source, and you have to apply to get a copy of it. The only reason we have this problem is due to the source code being open sourced.

This is so wrong it's difficult to know where to start.

The first third party bot/simplistic clients to connect to the grid predated the opensource initiative and did so with out a single line of source from LL. NONE.

It is impossible to eliminate "botters" or anyone connecting to the service via an unsanctioned client.

Hacking closed source software to do things it wasn't supposed is a tradition that goes back to the very dawn of computing.

 
Quote

I am not saying that we would be forced to use the standard viewer, I am saying have some sort of application system. Where the creators of the other viewers, would have to apply to get the ability to use the source code. Like some sort of program, where say the Firestorm creator applied, and like those developers kits, you would get approved or denied. In essence, you would still have a choice, but it would limit these illicit viewers to actually exist. Sure they could reverse engineer and create a copybot viewer, or they could do what the other person said. But it would mean that no Tom, Dick and Harry could just create a viewer with mal-intent. I also know you can't copy scripts, I am just saying have safeguards in place, before.

We already have already signed documents with LL, we have to in order for them to accept code submission from us and to appear on the TPV directory. LL know who we are, where we live, our real names, rights to everything forever ... and that's before what we had to sign to get a Havok sub licence.

Limited access to the source would never have stopped the bots or content theft.

Limiting access to the source now will not and would never have done anything to stop content theft.

Content protection via permissions is a feature, it's not something that exists by default.

Anything displayed on your screen can be ripped via perfectly legit dedicated tools. These tools are trivial to find, well documented and well within reach of Tom, Dick and Harry. 

 

You're arguing with some pretty fundamental misconceptions about how Second Life, software, computers, networks, source code and development in general work.

 

  • Like 2
  • Thanks 2
Link to comment
Share on other sites
  • 3 weeks later...
You are about to reply to a thread that has been inactive for 1807 days.

Please take a moment to consider if this thread is worth bumping.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...